PHP uses curl to access https example sharing

For the convenience of explanation, let’s show the code first

Copy the codeThe code is as follows:

/**
* curl POST
*
* @param string url
* @param array data
* @param int Request timeout
* @param bool Whether to perform strict authentication during HTTPS
* @return string
*/
function curlPost($url, $data = array(), $timeout = 30, $CA = true){
$cacert = getcwd () . '/cacert.pem'; //CA root certificate
$SSL = substr($url, 0, 8) == "https://" ? true : false;
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout-2);
if ($SSL && $CA) {
curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, true); // Only trust certificates issued by CA
  curl_setopt($ch, CURLOPT_CAINFO, $cacert); // CA root certificate (used to verify whether the website certificate is issued by CA)
    curl_setopt($ch , CURLOPT_SSL_VERIFYHOST, 2); // Check whether the domain name is set in the certificate and whether it matches the provided host name
} else if ($SSL && !$CA) {
      curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); // Trust Any certificate
  curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1); // Check whether the domain name is set in the certificate
}
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEA DER, array('Expect:')) ; //Avoid the problem of too long data
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
//curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($data)); / /data with URLEncode
$ret = curl_exec($ch);
//var_dump(curl_error($ch)); //View error message
curl_close($ch);
return $ret;
}

If URL If the address starts with https, then use SSL, otherwise use ordinary HTTP protocol.

Is it safe if I use HTTPS? In fact, SSL also has different levels of verification.

For example, do you need to verify the common name in the certificate? (BTW: Common Name generally means filling in the domain name (domain) or subdomain (sub domain) for which you are going to apply for an SSL certificate.)

Do you need to verify the host name?

Do you trust any certificate or only those issued by the CA?

(I wiped it, the battery is almost dead, I only picked out the key points - -|||)

If the website SSL certificate is purchased from a CA (usually more expensive), then it can be more strict when accessing Certification, that is:

Copy the code The code is as follows:

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true); // Only trust certificates issued by the CA
curl_setopt($ch, CURLOPT_CAINFO, $cacert); / / CA root certificate (used to verify whether the website certificate is issued by the CA)
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); // Check whether the domain name is set in the certificate and whether it matches the provided host name

If the website’s certificate is generated by yourself, or applied by a small online organization, then if you use strict authentication when accessing, it will not pass and false will be returned directly. (By the way, when false is returned, you can print curl_error($ch) to view the specific error message.) At this time, you can reduce the verification level according to the situation to ensure normal access, for example:

Copy the codeThe code is as follows:

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); // Trust any certificate
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1); // Check whether the domain name is set in the certificate (0 is also acceptable, that is, the existence of the domain name is not verified) )

Usually when we use a browser to access various https websites, we sometimes encounter a prompt that the certificate is not trusted. In fact, it is because the certificates of these websites are not issued by formal CA organizations.

Various browsers on the market have built-in CA root certificate list information. When visiting websites with CA-issued certificates, the certificates of these websites will be verified based on the root certificate, so there will be no such prompt.

Regarding the CA root certificate file, it actually contains the public key certificates of each major CA organization, which is used to verify whether the website's certificate is issued by these organizations.

The file here is derived from mozilla’s source tree and converted into a PEM format certificate file. (You can download the ready-made http://curl.haxx.se/ca/cacert.pem here)

Finally, let me talk about something unrelated to SSL:

Copy the codeThe code is as follows:

curl_setopt($ch, CURLOPT_HTTPHEADER, array('Expect:'));

This is mainly to solve the problem of too long data during POST

The above introduces the example sharing of using curl to access https in PHP, including the relevant content. I hope it will be helpful to friends who are interested in PHP tutorials.